COVID-19 takes US school hacks to new heights

According to research released this week, US schools suffered a record number of cyber security incidents in 2020 as attackers capitalized on the COVID-19 pandemic.

The State of K-12 Cybersecurity: 2020 Year In Review report from the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange released the report based on data from its K-12 cyber incident map. It recorded 408 publicly disclosed cyber security incidents in 2020, an 18% increase over 2019.

The largest number of attacks were data breaches and leaks, representing 36%. Ransomware followed at 12%, denial of service attacks made up 5%, and phishing represented just 2% of attacks.

While some breaches involved staff records, most targeted student data. Parents even reported hackers using childs’ data for credit applications and to sign up for accounts at utility companies.

Third-party attacks were a common cause of breaches. For the second straight year, at least three-quarters of all breaches involved security incidents at school district vendors and other partners, the report noted.

There were 50 publicly disclosed ransomware infections in 2020, but there may have been more. Another eight school districts reported malware outbreaks that looked like ransomware but weren’t publicly confirmed as such. Overall, there were fewer ransomware incidents than in 2019, but they were severe.

Double extortion, which is a rising problem for ransomware victims, was a growing trend in 2020. In these attacks, cyber criminals steal data when they encrypt it and blackmail victims by threatening to publish what they stole. Hackers exposed at least 560,000 students' data this way in 2020.

The 2% figure for phishing attacks might seem low, but further analysis shows some of these are business email compromise (BEC) attacks. These are specialized attacks in which thieves convince administrators to send fraudulent payments. Four BEC thefts occurred in 2020, with hackers defrauding one school district of $9.8 million.

Almost half of the attacks (45%) fell into the “other” category, covering everything from “Zoom bombing” meetings to website defacements. This aligns with a sharp change in attack patterns and volumes during Q2 2020 as pandemic conditions kicked in and students moved to remote studies. There were just 49 incidents in Q1, rising to 67 in Q2. The subsequent quarters saw 160 and 132 incidents, respectively.

Intruders used videoconferencing systems to disrupt administrative meetings and classroom sessions, the report said, noting hackers didn’t limit these intrusions to just the Zoom platform. Intruders also compromised school email systems to distribute inappropriate material to the school district members, it added.

Danny Bradbury

Danny Bradbury has been a print journalist specialising in technology since 1989 and a freelance writer since 1994. He has written for national publications on both sides of the Atlantic and has won awards for his investigative cybersecurity journalism work and his arts and culture writing. 

Danny writes about many different technology issues for audiences ranging from consumers through to software developers and CIOs. He also ghostwrites articles for many C-suite business executives in the technology sector and has worked as a presenter for multiple webinars and podcasts.